First off, that is not a typo, I want to decrypt using a public key. The purpose for doing this is to challenge a third party to ensure they do, in fact, have the private key that corresponds to the public key. Basically, I would send some random data, they would encrypt it with their private key, I would decrypt it using the public key and compare the decrypted value to the random data that I sent. I believe this is a pretty standard procedure in public key crypto but for some reason decrypting with a public key seems to be taboo.
I am simply using the RSACryptoServiceProvider in .NET 2.0. However, when I call Decrypt it throws a CryptographicException with message Bad Key. The key is not bad (I can Encrypt with no problem), but it appears as though it will not let me decrypt with just the public key. What gives? This must be possible to do.
I think the recognized term is signing. They sign with the private key, and you verify with the public key. I admit I don't understand the low-level math as well as I should, but my understanding is signing is really just encrypting with the private key.
Use RSACryptoServiceProvider's sign and verify family of methods. In fact, SignHash actually says, "encrypting it with the private key."
These .Net classes should be a wrapper of the crypto API.
There are two types of keys in crypto API. Crypto API is a wrapper around PKCS#11. When you generate a key pair using Microsoft cryptographic service provider, you get AT_EXCHANGE AND AT_SIGNATURE keys. Every key is generated based on some attributes defined in PKCS#11 standard..
AT_EXCHANGE keys Attributes:
wrap/unwrap = true
sign/verify = true
encrypt/decrypt = false
AT_SIGNATURE keys Attributes:
wrap/unwrap = false
sign/verify = true
encrypt/decrypt = false
So basically, when you are exchaning data, you are essentially performing a wrapping/unwrapping function. This is what Microsoft calls it as AT_EXCHANGE. This is primarily used to exchange secrete/symmetric keys and not used to echange huge amounts of data.
So you need to go back and find out which key you chose to EITHER sign / wrap your dat.
Per Raj, the key you've been provided with probably isn't marked for exchange.
Ask the party who provided the public key how they generated it. If using makecert.exe, they'll need to specify "-sky Exchange". Without this, you can only use the key for signing and authentication, not encryption/decryption which is the use case you're implementing here.
Related
I use this RSA library for swift. https://github.com/TakeScoop/SwiftyRSA
Is there any way to export public RSA key from private key ?
I would just use the internal api calls, there is plenty of sample code and it’s literally 10 lines of code to create keys, obtain them from key chain and encrypt/decrypt data.
If you look in the library read me file, it tells you how to obtain a public key and then export it into various formats....
I have a LunaSA HSM and i'm trying to unwrap a PKCS#8 formatted private key with a CAST5 secret key? The mechanism to use is CKM_CAST5_CBC_PAD the OID of which is 1.2.840.113533.7.66.10.
Unfortunately when i run the C_UnwrapKey function using the above mechanism with the specified secret key, the HSM returns with CKM_MECHANISM_INVALID which according to PKCS11 means that the mechanism is not supported for the specified cryptographic operation.
How can I unwrap my PKCS#8 private key using CKM_CAST5_CBC_PAD?
With CKR_MECHANISM_INVALID your PKCS#11 library is telling you that "An invalid mechanism was specified to the cryptographic operation".
Are you sure that your PKCS#11 library supports CKM_CAST5_CBC_PAD mechanism? You can check by simply calling C_GetMechanismList() and checking whether this mechanism is present in the returned list.
Need some help. I am working on encryption, where I need to implement crypto_box_keypair() or decode a hex string to a byte array so that you have to get a public and private keys. I also need to call crypto_box(m,n,pk,sk) for encryption.
I have never worked on encryption, I struck with how to implement. If you have any sample code, could you please send. which will be very help full. I just need to encrypt and decrypt string in ios.
Thanks in advnce.
I have searched alot regarding my task which is like ,
i am getting data through XML which is encrypted using RSA/ECB/PKCS1Padding from backend and they have given me a file name "publickey.der". According to them this is public key and you need to use this key for decryption.
Seriously i dont have any idea about using this public key for decryption on Objective C.
Please guide me which framework or library or sdk i need to use or any one has any sample code for this. I am counting on you guys only.
Looking forward for your responses
Thank you once again
Public keys are used for encryption, private keys are used for decryption. You will have to rectify this issue first.
Also RSA/ECB/PKCS1Padding is not common, when you want to rsa encrypt a large amount of data, usually you encrypt an aes key with rsa and encrypt your data with aes instead.
Basically, to do this RSA/ECB decrypt outside of java, it will be manually, and you are going to have to break your cipher text up by your block size (key size), and then decrypt each block without padding, until the final block with padding, that's how you get the ECB.
This is not ideal, that combined with them providing you with a public key and telling you to decrypt, suggests that whoever is giving you the data needs to fix their encryption issues.
I need a very basic 2 minute intro to certificates...
I have been provided with a .p12 cert file... That is password protected... Now I need to import it to registry, and export a base 64 .cer file...
Finally I use this .cer file to access a web service outside of my solution....
My question is - Does the imported .p12 and the .cer work hand in hand to authenticate the request?
I could really do with 2-3 lines of explanation as to how it all works from a technical programmers point of view...
Thanks in advance
There's a reason you rarely see a short explanation of cryptography!
Many forms of encryption are based on the use of a single Shared Key (symmetric) to encrypt and decrypt the message--both the sender and the receiver must know the key.
However, in this case you are using Public Key cryptography, which splits the key into two parts that, as you said, "work hand in hand". To borrow from http://www.globus.org/toolkit/security/public-key-cryptography.html:
These keys are numbers that are mathematically related in such a way that if either key is used to encrypt a message, the other key must be used to decrypt it. Also important is the fact that it is next to impossible (with our current knowledge of mathematics and available computing power) to obtain the second key from the first one and/or any messages encoded with the first key.
By making one of the keys available publicly (a public key) and keeping the other key private (a private key), a person can prove that he or she holds the private key simply by encrypting a message. If the message can be decrypted using the public key, the person must have used the private key to encrypt the message.
Note that it is critical that private keys be kept private! Anyone who knows the private key can easily impersonate the owner.
Apparently, what you have here in your password-protected .P12 file is both your private and public keys. After you import it into your PC, you can extract a .CER file of your public key--and that's the one you give to the web service.
After that, here's essentially what happens when you send a message to the web service:
Your computer needs to use your private key and the web service's public key to encrypt the message.
Then, only the web service which has access to your public key and their own private key can decrypt it.
For them to send a message back to you, it works quite the same, but with everything in reverse.
Now that should be as clear as mud... but at least you've got a start.